A security flaw found in Apple has allowed an attacker to remotely control iPhones over a Wi-Fi network. That way, he could have access but also to download all data that exist in mobile a user and even enable them cameras and the device's microphones to spy on users in real time.
Ian Beer, security researcher at Google Project Zero, was able to exploit Apple's vulnerability and prove what a hacker can do by gaining access to iPhones via Wi-Fi. The Project is designed to recognize vulnerabilities and notify companies of these before hackers gain access to such a security "gap".
In addition, the founder of Project Zero, Chris Evans, stated that the scary thing about this case is that there is no interaction with the user and leaves no indication that the privacy of.
In this attack, malicious agents can simply violate a user's privacy via Wi-Fi, while he is walking and has the iPhone in his pocket.
However, Beer said he had found no evidence that hackers had taken advantage of Apple's vulnerability, and of course he gave Apple time to do so. patch before publicly announcing anything about it. Nevertheless, the fact that there was such a large and important "hole" remains unbelievable. security.
But how could a vulnerability allow such an extensive control of an iPhone without physical access to it and without any interaction with it? user; This is due to the fact that the defect was in one protocol networking called Apple Wireless Direct Link (AWDL). And AWDL can do many things - including sending photos or files stored on iPhone.
AWDL is designed to enable Apple devices such as iPhones, iPads, Macs and Apple Watches to create ad-hoc peer-to-peer mesh networks. Therefore, if you have an Apple device, you create or connect to it several times a day without even realizing it.
If you have ever used Airdrop or Apple TV via Airplay or used your iPad as a secondary screen with Sidecar, then you have automatically used AWDL. But even if you have not used these features, if people close to you have done so, it is very likely that your device is connected to the AWDL network.
Beer's blog post, which explains how the vulnerability arose and how he was able to discover and exploit it, is detailed and technical, noting that the story began in 2018.
Beer is the same researcher who in the past described one of the biggest attacks ever done on iPhone users, by compromised sites that distributed iOS malware. In 2018, the security researcher accused Apple of doing a bad job of fixing the many vulnerabilities it had reported to the company - but the iPhone maker fixed it before iOS 13.5.
Apple, for its part, said most users keep their devices up-to-date, so it would be safe when such vulnerabilities were discovered and that the exploit could only be used within Wi-Fi range.